Compare commits
No commits in common. "ee522ac40115f4c31900857b1fae968aab7b889e" and "375dd842d40601103a7df788a6012e200ce8829d" have entirely different histories.
ee522ac401
...
375dd842d4
2
dependencies/tlibc
vendored
2
dependencies/tlibc
vendored
@ -1 +1 @@
|
||||
Subproject commit 00a1a29d342c6b3bcb8015a661364e10a3134fe4
|
||||
Subproject commit 5fb2db2380b678381ef455a18c8210a6a3314e60
|
||||
@ -5,7 +5,7 @@ void ServerConnection_close(ServerConnection* conn){
|
||||
if(conn == NULL)
|
||||
return;
|
||||
RSA_destroyPublicKey(&conn->server_pk);
|
||||
EncryptedSocketTCP_destroy(&conn->sock);
|
||||
socket_close(conn->sock.sock);
|
||||
free(conn->session_key.data);
|
||||
free(conn);
|
||||
}
|
||||
@ -34,9 +34,7 @@ Result(void) ServerLink_parse(cstr server_link_cstr, EndpointIPv4* server_end_ou
|
||||
Return RESULT_ERROR_FMT("server link is invalid: %s", server_link_cstr);
|
||||
}
|
||||
str server_key_str = str_sliceAfter(server_link_str, sep_pos + 1);
|
||||
char* server_key_cstr = str_copy(server_key_str).data;
|
||||
Defer(free(server_key_cstr));
|
||||
try_void(RSA_parsePublicKey_base64(server_key_cstr, server_key_out));
|
||||
try_void(RSA_parsePublicKey_base64(server_key_str, server_key_out));
|
||||
|
||||
Return RESULT_VOID;
|
||||
}
|
||||
@ -65,82 +63,78 @@ Result(ServerConnection*) ServerConnection_open(ClientCredentials* client_creden
|
||||
try(Socket _s, i, socket_open_TCP());
|
||||
// TODO: set socket timeout to 5 seconds
|
||||
try_void(socket_connect(_s, conn->server_end));
|
||||
EncryptedSocketTCP_construct(&conn->sock, _s, NETWORK_BUFFER_SIZE, conn->session_key);
|
||||
EncryptedSocketTCP_construct(&conn->sock, _s, conn->session_key);
|
||||
|
||||
Array(u8) buffer = Array_alloc_size(NETWORK_BUFFER_SIZE);
|
||||
// fix for valgrind false detected errors about uninitialized memory
|
||||
Array_memset(buffer, 0xCC);
|
||||
Defer(free(buffer.data));
|
||||
Array(u8) enc_buf = Array_alloc_size(8*1024);
|
||||
Defer(free(enc_buf.data));
|
||||
Array(u8) dec_buf = Array_alloc_size(8*1024);
|
||||
Defer(free(dec_buf.data));
|
||||
u32 enc_size = 0, dec_size = 0;
|
||||
|
||||
// construct PacketHeader and ClientHandshake in buffer
|
||||
PacketHeader_construct(buffer.data, PROTOCOL_VERSION,
|
||||
PacketType_ClientHandshake, sizeof(ClientHandshake));
|
||||
ClientHandshake_construct(
|
||||
Array_sliceAfter(buffer, sizeof(PacketHeader)).data,
|
||||
conn->session_key);
|
||||
u32 header_and_message_size = sizeof(PacketHeader) + sizeof(ClientHandshake);
|
||||
// encrypt message by server public key
|
||||
Array(u8) bufferPart_encryptedClientHandshake = Array_sliceAfter(buffer, header_and_message_size);
|
||||
try(u32 rsa_enc_size, u,
|
||||
// construct ClientHandshake in dec_buf
|
||||
try_void(ClientHandshake_tryConstruct((ClientHandshake*)dec_buf.data, conn->session_key));
|
||||
dec_size = sizeof(ClientHandshake);
|
||||
// encrypt by server public key
|
||||
try(enc_size, u,
|
||||
RSAEncryptor_encrypt(
|
||||
&conn->rsa_enc,
|
||||
Array_sliceBefore(buffer, header_and_message_size),
|
||||
bufferPart_encryptedClientHandshake
|
||||
Array_sliceBefore(dec_buf, dec_size),
|
||||
enc_buf
|
||||
)
|
||||
);
|
||||
bufferPart_encryptedClientHandshake.size = rsa_enc_size;
|
||||
// send encrypted message
|
||||
try_void(socket_send(conn->sock.sock, bufferPart_encryptedClientHandshake));
|
||||
try_void(socket_send(conn->sock.sock, Array_sliceBefore(enc_buf, enc_size)));
|
||||
|
||||
// receive server response
|
||||
try_void(
|
||||
enc_size = AESStreamEncryptor_calcDstSize(sizeof(PacketHeader));
|
||||
try(dec_size, u,
|
||||
EncryptedSocketTCP_recv(&conn->sock,
|
||||
Array_sliceBefore(buffer, sizeof(PacketHeader)),
|
||||
Array_sliceBefore(enc_buf, enc_size),
|
||||
dec_buf,
|
||||
SocketRecvFlag_WaitAll
|
||||
)
|
||||
);
|
||||
PacketHeader* packet_header = buffer.data;
|
||||
try_assert(dec_size == sizeof(PacketHeader));
|
||||
PacketHeader* packet_header = dec_buf.data;
|
||||
try_void(PacketHeader_validateMagic(packet_header));
|
||||
|
||||
// handle server response
|
||||
switch(packet_header->type){
|
||||
case PacketType_ErrorMessage: {
|
||||
u32 err_msg_size = packet_header->content_size;
|
||||
if(err_msg_size > conn->sock.recv_buf.size)
|
||||
err_msg_size = conn->sock.recv_buf.size;
|
||||
Array(u8) err_buf = Array_alloc_size(err_msg_size + 1);
|
||||
Array(u8) err_buf = Array_alloc_size(packet_header->content_size + 1);
|
||||
bool err_msg_completed = false;
|
||||
Defer(
|
||||
if(!err_msg_completed)
|
||||
free(err_buf.data);
|
||||
);
|
||||
|
||||
// receive error message
|
||||
// receive error message of length packet_header->content_size
|
||||
enc_size = packet_header->content_size;
|
||||
if(enc_size > enc_buf.size)
|
||||
enc_size = enc_buf.size;
|
||||
try_void(
|
||||
EncryptedSocketTCP_recv(
|
||||
&conn->sock,
|
||||
Array_sliceBefore(err_buf, err_msg_size),
|
||||
Array_sliceBefore(enc_buf, enc_size),
|
||||
err_buf,
|
||||
SocketRecvFlag_WaitAll
|
||||
)
|
||||
);
|
||||
|
||||
((u8*)err_buf.data)[err_msg_size] = 0;
|
||||
((u8*)err_buf.data)[enc_size] = 0;
|
||||
err_msg_completed = true;
|
||||
Return RESULT_ERROR((char*)err_buf.data, true);
|
||||
}
|
||||
case PacketType_ServerHandshake: {
|
||||
Array(u8) bufferPart_ServerHandshake = {
|
||||
.data = (u8*)buffer.data + sizeof(PacketHeader),
|
||||
.size = sizeof(ServerHandshake)
|
||||
};
|
||||
enc_size = sizeof(ServerHandshake) - sizeof(PacketHeader);
|
||||
try_void(
|
||||
EncryptedSocketTCP_recv(
|
||||
&conn->sock,
|
||||
bufferPart_ServerHandshake,
|
||||
Array_sliceBefore(enc_buf, enc_size),
|
||||
dec_buf,
|
||||
SocketRecvFlag_WaitAll
|
||||
)
|
||||
);
|
||||
ServerHandshake* server_handshake = bufferPart_ServerHandshake.data;
|
||||
ServerHandshake* server_handshake = dec_buf.data;
|
||||
conn->session_id = server_handshake->session_id;
|
||||
break;
|
||||
}
|
||||
|
||||
@ -27,9 +27,7 @@ static Result(void) askUserNameAndPassword(ClientCredentials** cred){
|
||||
str usrername = str_null;
|
||||
while(true) {
|
||||
printf("username: ");
|
||||
if(fgets(username_buf, sizeof(username_buf), stdin) == NULL){
|
||||
Return RESULT_ERROR("STDIN is closed", false);
|
||||
}
|
||||
fgets(username_buf, sizeof(username_buf), stdin);
|
||||
usrername = str_from_cstr(username_buf);
|
||||
if(usrername.size < 4){
|
||||
printf("ERROR: username length must be at least 4\n");
|
||||
@ -42,9 +40,7 @@ static Result(void) askUserNameAndPassword(ClientCredentials** cred){
|
||||
while(true) {
|
||||
printf("password: ");
|
||||
// TODO: hide password
|
||||
if(fgets(password_buf, sizeof(password_buf), stdin) == NULL){
|
||||
Return RESULT_ERROR("STDIN is closed", false);
|
||||
}
|
||||
fgets(password_buf, sizeof(password_buf), stdin);
|
||||
password = str_from_cstr(password_buf);
|
||||
if(password.size < 8){
|
||||
printf("ERROR: password length must be at least 8\n");
|
||||
@ -63,23 +59,15 @@ Result(void) client_run() {
|
||||
}
|
||||
|
||||
fputs(greeting_art.data, stdout);
|
||||
|
||||
Defer(
|
||||
ClientCredentials_free(_client_credentials);
|
||||
ServerConnection_close(_server_connection);
|
||||
);
|
||||
try_void(askUserNameAndPassword(&_client_credentials));
|
||||
|
||||
Array(char) input_buf = Array_alloc(char, 10000);
|
||||
Defer(free(input_buf.data));
|
||||
str command_input = str_null;
|
||||
bool stop = false;
|
||||
while(!stop){
|
||||
sleepMsec(50);
|
||||
fputs("> ", stdout);
|
||||
if(fgets(input_buf.data, input_buf.size, stdin) == NULL){
|
||||
Return RESULT_ERROR("STDIN is closed", false);
|
||||
}
|
||||
if(fgets(input_buf.data, input_buf.size, stdin) == NULL)
|
||||
continue;
|
||||
|
||||
command_input = str_from_cstr(input_buf.data);
|
||||
str_trim(&command_input, true);
|
||||
@ -89,12 +77,15 @@ Result(void) client_run() {
|
||||
Result(void) com_result = commandExec(command_input, &stop);
|
||||
if(com_result.error){
|
||||
str e_str = Error_toStr(com_result.error);
|
||||
printf("%s\n", e_str.data);
|
||||
printfe("%s\n", e_str.data);
|
||||
free(e_str.data);
|
||||
Error_free(com_result.error);
|
||||
}
|
||||
}
|
||||
|
||||
free(input_buf.data);
|
||||
ClientCredentials_free(_client_credentials);
|
||||
ServerConnection_close(_server_connection);
|
||||
Return RESULT_VOID;
|
||||
}
|
||||
|
||||
@ -125,9 +116,7 @@ static Result(void) commandExec(str command, bool* stop){
|
||||
ServerConnection_close(_server_connection);
|
||||
|
||||
puts("Enter server address (ip:port:public_key): ");
|
||||
if(fgets(answer_buf, answer_buf_size, stdin) == NULL){
|
||||
Return RESULT_ERROR("STDIN is closed", false);
|
||||
}
|
||||
fgets(answer_buf, answer_buf_size, stdin);
|
||||
str new_server_link = str_from_cstr(answer_buf);
|
||||
str_trim(&new_server_link, true);
|
||||
|
||||
|
||||
@ -176,14 +176,13 @@ void AESStreamDecryptor_construct(AESStreamDecryptor* ptr, Array(u8) key, const
|
||||
|
||||
Result(u32) AESStreamDecryptor_decrypt(AESStreamDecryptor* ptr, Array(u8) src, Array(u8) dst){
|
||||
Deferral(4);
|
||||
u32 decrypted_size = __AESStreamDecryptor_calcDstSize(src.size);
|
||||
try_assert(dst.size >= decrypted_size);
|
||||
|
||||
// if it is the beginning of the stream, read IV
|
||||
if(ptr->block_counter == 0){
|
||||
__Array_readNext(ptr->iv, &src, __AES_STREAM_IV_SIZE);
|
||||
}
|
||||
// size without IV
|
||||
u32 decrypted_size = src.size;
|
||||
try_assert(dst.size >= decrypted_size);
|
||||
|
||||
// decrypt full buffers
|
||||
while(src.size > __AES_BUFFER_SIZE){
|
||||
|
||||
@ -89,7 +89,7 @@ typedef struct AESStreamEncryptor {
|
||||
void AESStreamEncryptor_construct(AESStreamEncryptor* ptr, Array(u8) key, const br_block_ctr_class* ctr_class);
|
||||
|
||||
/// use this only at the beginning of the stream
|
||||
#define AESStreamEncryptor_calcDstSize(src_size) (src_size + __AES_STREAM_IV_SIZE)
|
||||
#define AESStreamEncryptor_calcDstSize(src_size) (src_size + __AES_BLOCK_IV_SIZE)
|
||||
|
||||
/// @brief If ptr->block_counter == 0, writes random IV to `dst`. After that writes encrypted data to dst.
|
||||
/// @param src array of any size
|
||||
@ -119,3 +119,5 @@ void AESStreamDecryptor_construct(AESStreamDecryptor* ptr, Array(u8) key, const
|
||||
/// @param dst array of size >= src.size
|
||||
/// @return size of decrypted data
|
||||
Result(u32) AESStreamDecryptor_decrypt(AESStreamDecryptor* ptr, Array(u8) src, Array(u8) dst);
|
||||
|
||||
#define __AESStreamDecryptor_calcDstSize(src_size) (src_size - __AES_BLOCK_IV_SIZE)
|
||||
|
||||
@ -111,10 +111,10 @@ str RSA_serializePublicKey_base64(const br_rsa_public_key* pk){
|
||||
return str_construct(serialized_buf, offset, true);
|
||||
}
|
||||
|
||||
Result(void) RSA_parsePublicKey_base64(cstr src, br_rsa_public_key* pk){
|
||||
Result(void) RSA_parsePublicKey_base64(const str src, br_rsa_public_key* pk){
|
||||
Deferral(8);
|
||||
u32 n_bitlen = 0;
|
||||
if(sscanf(src, "RSA-Public-%u:", &n_bitlen) != 1){
|
||||
if(sscanf(src.data, "RSA-Public-%u:", &n_bitlen) != 1){
|
||||
Return RESULT_ERROR("can't parse key size", false);
|
||||
}
|
||||
u32 key_buffer_size = BR_RSA_KBUF_PUB_SIZE(n_bitlen);
|
||||
@ -122,12 +122,11 @@ Result(void) RSA_parsePublicKey_base64(cstr src, br_rsa_public_key* pk){
|
||||
pk->elen = 4;
|
||||
pk->nlen = key_buffer_size - 4;
|
||||
pk->e = pk->n + pk->nlen;
|
||||
str src_str = str_from_cstr(src);
|
||||
u32 offset = str_seekChar(src_str, ':', 10) + 1;
|
||||
u32 offset = str_seekChar(src, ':', 10) + 1;
|
||||
if(offset == 0){
|
||||
Return RESULT_ERROR("missing ':' before key data", false);
|
||||
}
|
||||
str key_base64_str = src_str;
|
||||
str key_base64_str = src;
|
||||
key_base64_str.data += offset;
|
||||
key_base64_str.size -= offset;
|
||||
u32 decoded_size = base64_decodedSize(key_base64_str.data, key_base64_str.size);
|
||||
@ -141,10 +140,10 @@ Result(void) RSA_parsePublicKey_base64(cstr src, br_rsa_public_key* pk){
|
||||
Return RESULT_VOID;
|
||||
}
|
||||
|
||||
Result(void) RSA_parsePrivateKey_base64(cstr src, br_rsa_private_key* sk){
|
||||
Result(void) RSA_parsePrivateKey_base64(const str src, br_rsa_private_key* sk){
|
||||
Deferral(8);
|
||||
u32 n_bitlen = 0;
|
||||
if(sscanf(src, "RSA-Private-%u:", &n_bitlen) != 1){
|
||||
if(sscanf(src.data, "RSA-Private-%u:", &n_bitlen) != 1){
|
||||
Return RESULT_ERROR("can't parse key size", false);
|
||||
}
|
||||
sk->n_bitlen = n_bitlen;
|
||||
@ -156,12 +155,11 @@ Result(void) RSA_parsePrivateKey_base64(cstr src, br_rsa_private_key* sk){
|
||||
sk->dp = sk->q + field_len;
|
||||
sk->dq = sk->dp + field_len;
|
||||
sk->iq = sk->dq + field_len;
|
||||
str src_str = str_from_cstr(src);
|
||||
u32 offset = str_seekChar(src_str, ':', 10) + 1;
|
||||
u32 offset = str_seekChar(src, ':', 10) + 1;
|
||||
if(offset == 0){
|
||||
Return RESULT_ERROR("missing ':' before key data", false);
|
||||
}
|
||||
str key_base64_str = src_str;
|
||||
str key_base64_str = src;
|
||||
key_base64_str.data += offset;
|
||||
key_base64_str.size -= offset;
|
||||
u32 decoded_size = base64_decodedSize(key_base64_str.data, key_base64_str.size);
|
||||
|
||||
@ -47,7 +47,7 @@ str RSA_serializePrivateKey_base64(const br_rsa_private_key* sk);
|
||||
|
||||
/// @param src serialized private key format "RSA-Private-%SIZE%:%DATA_BASE64%"
|
||||
/// @param sk out private key. WARNING: .p is allocated on heap
|
||||
Result(void) RSA_parsePrivateKey_base64(cstr src, br_rsa_private_key* sk);
|
||||
Result(void) RSA_parsePrivateKey_base64(const str src, br_rsa_private_key* sk);
|
||||
|
||||
/// @brief Encode key data in human-readable format
|
||||
/// @param src some data
|
||||
@ -56,7 +56,7 @@ str RSA_serializePublicKey_base64(const br_rsa_public_key* sk);
|
||||
|
||||
/// @param src serialized public key format "RSA-Public-%SIZE%:%DATA_BASE64%"
|
||||
/// @param sk out public key. WARNING: .p is allocated on heap
|
||||
Result(void) RSA_parsePublicKey_base64(cstr src, br_rsa_public_key* sk);
|
||||
Result(void) RSA_parsePublicKey_base64(const str src, br_rsa_public_key* sk);
|
||||
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
// RSAEncryptor //
|
||||
|
||||
@ -1,134 +1,63 @@
|
||||
#include "encrypted_sockets.h"
|
||||
|
||||
void EncryptedSocketTCP_construct(EncryptedSocketTCP* ptr,
|
||||
Socket sock, u32 crypto_buffer_size, Array(u8) aes_key)
|
||||
void EncryptedSocketTCP_construct(EncryptedSocketTCP* ptr, Socket sock, Array(u8) aes_key)
|
||||
{
|
||||
ptr->sock = sock;
|
||||
AESStreamEncryptor_construct(&ptr->enc, aes_key, AESStream_DEFAULT_CLASS);
|
||||
AESStreamDecryptor_construct(&ptr->dec, aes_key, AESStream_DEFAULT_CLASS);
|
||||
ptr->recv_buf = Array_alloc_size(crypto_buffer_size);
|
||||
ptr->send_buf = Array_alloc_size(crypto_buffer_size);
|
||||
}
|
||||
|
||||
void EncryptedSocketTCP_destroy(EncryptedSocketTCP* ptr){
|
||||
socket_close(ptr->sock);
|
||||
free(ptr->recv_buf.data);
|
||||
free(ptr->send_buf.data);
|
||||
}
|
||||
|
||||
Result(void) EncryptedSocketTCP_send(EncryptedSocketTCP* ptr,
|
||||
Array(u8) buffer)
|
||||
Array(u8) decrypted_buf, Array(u8) encrypted_buf)
|
||||
{
|
||||
Deferral(1);
|
||||
|
||||
try(u32 encrypted_size, u,
|
||||
AESStreamEncryptor_encrypt(
|
||||
&ptr->enc,
|
||||
buffer,
|
||||
ptr->send_buf
|
||||
)
|
||||
);
|
||||
try_void(
|
||||
socket_send(
|
||||
ptr->sock,
|
||||
Array_sliceBefore(ptr->send_buf, encrypted_size)
|
||||
)
|
||||
);
|
||||
|
||||
Deferral(4);
|
||||
try(u32 encrypted_size, u, AESStreamEncryptor_encrypt(&ptr->enc, decrypted_buf, encrypted_buf));
|
||||
encrypted_buf.size = encrypted_size;
|
||||
try_void(socket_send(ptr->sock, encrypted_buf));
|
||||
Return RESULT_VOID;
|
||||
}
|
||||
|
||||
Result(u32) EncryptedSocketTCP_recv(EncryptedSocketTCP* ptr,
|
||||
Array(u8) buffer, SocketRecvFlag flags)
|
||||
Result(i32) EncryptedSocketTCP_recv(EncryptedSocketTCP* ptr,
|
||||
Array(u8) encrypted_buf, Array(u8) decrypted_buf,
|
||||
SocketRecvFlag flags)
|
||||
{
|
||||
Deferral(1);
|
||||
|
||||
u32 size_to_receive = buffer.size;
|
||||
if(ptr->dec.block_counter == 0){
|
||||
// There is some metadata at the beginning of AES stream
|
||||
size_to_receive = AESStreamEncryptor_calcDstSize(size_to_receive);
|
||||
}
|
||||
try(i32 received_size, i,
|
||||
socket_recv(
|
||||
ptr->sock,
|
||||
Array_sliceBefore(ptr->recv_buf, size_to_receive),
|
||||
flags
|
||||
)
|
||||
);
|
||||
try(u32 decrypted_size, u,
|
||||
AESStreamDecryptor_decrypt(
|
||||
&ptr->dec,
|
||||
Array_sliceBefore(ptr->recv_buf, received_size),
|
||||
buffer
|
||||
)
|
||||
);
|
||||
|
||||
Return RESULT_VALUE(u, decrypted_size);
|
||||
Deferral(4);
|
||||
try(i32 received_size, i, socket_recv(ptr->sock, encrypted_buf, flags));
|
||||
//TODO: return error if WaitAll flag was set and socket closed before filling the buffer
|
||||
//TODO: return something when received_size == 0 (socket has been closed)
|
||||
encrypted_buf.size = received_size;
|
||||
try(i32 decrypted_size, u, AESStreamDecryptor_decrypt(&ptr->dec, encrypted_buf, decrypted_buf));
|
||||
Return RESULT_VALUE(i, decrypted_size);
|
||||
}
|
||||
|
||||
|
||||
|
||||
void EncryptedSocketUDP_construct(EncryptedSocketUDP* ptr,
|
||||
Socket sock, u32 crypto_buffer_size, Array(u8) aes_key)
|
||||
void EncryptedSocketUDP_construct(EncryptedSocketUDP* ptr, Socket sock, Array(u8) aes_key)
|
||||
{
|
||||
ptr->sock = sock;
|
||||
AESBlockEncryptor_construct(&ptr->enc, aes_key, AESBlockEncryptor_DEFAULT_CLASS);
|
||||
AESBlockDecryptor_construct(&ptr->dec, aes_key, AESBlockDecryptor_DEFAULT_CLASS);
|
||||
ptr->recv_buf = Array_alloc_size(crypto_buffer_size);
|
||||
ptr->send_buf = Array_alloc_size(crypto_buffer_size);
|
||||
}
|
||||
|
||||
void EncryptedSocketUDP_destroy(EncryptedSocketUDP* ptr){
|
||||
socket_close(ptr->sock);
|
||||
free(ptr->recv_buf.data);
|
||||
free(ptr->send_buf.data);
|
||||
}
|
||||
|
||||
Result(void) EncryptedSocketUDP_sendto(EncryptedSocketUDP* ptr,
|
||||
Array(u8) buffer, EndpointIPv4 remote_end)
|
||||
Array(u8) decrypted_buf, Array(u8) encrypted_buf,
|
||||
EndpointIPv4 remote_end)
|
||||
{
|
||||
Deferral(1);
|
||||
|
||||
try(u32 encrypted_size, u,
|
||||
AESBlockEncryptor_encrypt(
|
||||
&ptr->enc,
|
||||
buffer,
|
||||
ptr->send_buf
|
||||
)
|
||||
);
|
||||
try_void(
|
||||
socket_sendto(
|
||||
ptr->sock,
|
||||
Array_sliceBefore(ptr->send_buf, encrypted_size),
|
||||
remote_end
|
||||
)
|
||||
);
|
||||
|
||||
Deferral(4);
|
||||
try(u32 encrypted_size, u, AESBlockEncryptor_encrypt(&ptr->enc, decrypted_buf, encrypted_buf));
|
||||
encrypted_buf.size = encrypted_size;
|
||||
try_void(socket_sendto(ptr->sock, encrypted_buf, remote_end));
|
||||
Return RESULT_VOID;
|
||||
}
|
||||
|
||||
Result(i32) EncryptedSocketUDP_recvfrom(EncryptedSocketUDP* ptr,
|
||||
Array(u8) buffer, SocketRecvFlag flags, NULLABLE(EndpointIPv4*) remote_end)
|
||||
Array(u8) encrypted_buf, Array(u8) decrypted_buf,
|
||||
SocketRecvFlag flags, NULLABLE(EndpointIPv4*) remote_end)
|
||||
{
|
||||
Deferral(1);
|
||||
|
||||
// There is some metadata at the start of each AES block
|
||||
u32 size_to_receive = AESBlockEncryptor_calcDstSize(buffer.size);
|
||||
try(i32 received_size, i,
|
||||
socket_recvfrom(
|
||||
ptr->sock,
|
||||
Array_sliceBefore(ptr->recv_buf, size_to_receive),
|
||||
flags,
|
||||
remote_end
|
||||
)
|
||||
);
|
||||
try(u32 decrypted_size, u,
|
||||
AESBlockDecryptor_decrypt(
|
||||
&ptr->dec,
|
||||
Array_sliceBefore(ptr->recv_buf, received_size),
|
||||
buffer
|
||||
)
|
||||
);
|
||||
|
||||
Return RESULT_VALUE(u, decrypted_size);
|
||||
Deferral(4);
|
||||
try(i32 received_size, i, socket_recvfrom(ptr->sock, encrypted_buf, flags, remote_end));
|
||||
encrypted_buf.size = received_size;
|
||||
try(i32 decrypted_size, u, AESBlockDecryptor_decrypt(&ptr->dec, encrypted_buf, decrypted_buf));
|
||||
Return RESULT_VALUE(i, decrypted_size);
|
||||
}
|
||||
|
||||
@ -10,21 +10,16 @@ typedef struct EncryptedSocketTCP {
|
||||
Socket sock;
|
||||
AESStreamEncryptor enc;
|
||||
AESStreamDecryptor dec;
|
||||
Array(u8) send_buf;
|
||||
Array(u8) recv_buf;
|
||||
} EncryptedSocketTCP;
|
||||
|
||||
void EncryptedSocketTCP_construct(EncryptedSocketTCP* ptr,
|
||||
Socket sock, u32 crypto_buffer_size, Array(u8) aes_key);
|
||||
|
||||
/// closes the socket
|
||||
void EncryptedSocketTCP_destroy(EncryptedSocketTCP* ptr);
|
||||
void EncryptedSocketTCP_construct(EncryptedSocketTCP* ptr, Socket sock, Array(u8) aes_key);
|
||||
|
||||
Result(void) EncryptedSocketTCP_send(EncryptedSocketTCP* ptr,
|
||||
Array(u8) buffer);
|
||||
Array(u8) decrypted_buf, Array(u8) encrypted_buf);
|
||||
|
||||
Result(u32) EncryptedSocketTCP_recv(EncryptedSocketTCP* ptr,
|
||||
Array(u8) buffer, SocketRecvFlag flags);
|
||||
Result(void) EncryptedSocketTCP_recv(EncryptedSocketTCP* ptr,
|
||||
Array(u8) encrypted_buf, Array(u8) decrypted_buf,
|
||||
SocketRecvFlag flags);
|
||||
|
||||
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
@ -35,18 +30,15 @@ typedef struct EncryptedSocketUDP {
|
||||
Socket sock;
|
||||
AESBlockEncryptor enc;
|
||||
AESBlockDecryptor dec;
|
||||
Array(u8) send_buf;
|
||||
Array(u8) recv_buf;
|
||||
} EncryptedSocketUDP;
|
||||
|
||||
void EncryptedSocketUDP_construct(EncryptedSocketUDP* ptr,
|
||||
Socket sock, u32 crypto_buffer_size, Array(u8) aes_key);
|
||||
|
||||
/// closes the socket
|
||||
void EncryptedSocketUDP_destroy(EncryptedSocketUDP* ptr);
|
||||
void EncryptedSocketUDP_construct(EncryptedSocketUDP* ptr, Socket sock, Array(u8) aes_key);
|
||||
|
||||
Result(void) EncryptedSocketUDP_sendto(EncryptedSocketUDP* ptr,
|
||||
Array(u8) buffer, EndpointIPv4 remote_end);
|
||||
Array(u8) decrypted_buf, Array(u8) encrypted_buf,
|
||||
EndpointIPv4 remote_end);
|
||||
|
||||
Result(u32) EncryptedSocketUDP_recvfrom(EncryptedSocketUDP* ptr,
|
||||
Array(u8) buffer, SocketRecvFlag flags, NULLABLE(EndpointIPv4*) remote_end);
|
||||
Result(i32) EncryptedSocketUDP_recvfrom(EncryptedSocketUDP* ptr,
|
||||
Array(u8) encrypted_buf, Array(u8) decrypted_buf,
|
||||
SocketRecvFlag flags,
|
||||
NULLABLE(EndpointIPv4*) remote_end);
|
||||
|
||||
@ -61,24 +61,16 @@ Result(void) socket_connect(Socket s, EndpointIPv4 remote_end){
|
||||
|
||||
Result(void) socket_send(Socket s, Array(u8) buffer){
|
||||
i32 r = send(s, buffer.data, buffer.size, 0);
|
||||
if(r < 0){
|
||||
if(r < 0)
|
||||
return RESULT_ERROR_SOCKET();
|
||||
}
|
||||
if((u32)r != buffer.size){
|
||||
return RESULT_ERROR_FMT("Socket was unable to send data");
|
||||
}
|
||||
return RESULT_VOID;
|
||||
}
|
||||
|
||||
Result(void) socket_sendto(Socket s, Array(u8) buffer, EndpointIPv4 dst){
|
||||
struct sockaddr_in sockaddr = EndpointIPv4_toSockaddr(dst);
|
||||
i32 r = sendto(s, buffer.data, buffer.size, 0, (void*)&sockaddr, sizeof(sockaddr));
|
||||
if(r < 0){
|
||||
if(r < 0)
|
||||
return RESULT_ERROR_SOCKET();
|
||||
}
|
||||
if((u32)r != buffer.size){
|
||||
return RESULT_ERROR_FMT("Socket was unable to send data");
|
||||
}
|
||||
return RESULT_VOID;
|
||||
}
|
||||
|
||||
@ -93,13 +85,8 @@ static inline int SocketRecvFlags_toStd(SocketRecvFlag flags){
|
||||
|
||||
Result(i32) socket_recv(Socket s, Array(u8) buffer, SocketRecvFlag flags){
|
||||
i32 r = recv(s, buffer.data, buffer.size, SocketRecvFlags_toStd(flags));
|
||||
if(r < 0){
|
||||
if(r < 0)
|
||||
return RESULT_ERROR_SOCKET();
|
||||
}
|
||||
if(r == 0 || (flags & SocketRecvFlag_WaitAll && (u32)r != buffer.size))
|
||||
{
|
||||
return RESULT_ERROR("Socket closed", false);
|
||||
}
|
||||
return RESULT_VALUE(i, r);
|
||||
}
|
||||
|
||||
@ -108,13 +95,8 @@ Result(i32) socket_recvfrom(Socket s, Array(u8) buffer, SocketRecvFlag flags, NU
|
||||
i32 sockaddr_size = sizeof(remote_addr);
|
||||
i32 r = recvfrom(s, buffer.data, buffer.size, SocketRecvFlags_toStd(flags),
|
||||
(struct sockaddr*)&remote_addr, (void*)&sockaddr_size);
|
||||
if(r < 0){
|
||||
if(r < 0)
|
||||
return RESULT_ERROR_SOCKET();
|
||||
}
|
||||
if(r == 0 || (flags & SocketRecvFlag_WaitAll && (u32)r != buffer.size))
|
||||
{
|
||||
return RESULT_ERROR("Socket closed", false);
|
||||
}
|
||||
|
||||
//TODO: add IPV6 support (struct sockaddr_in6)
|
||||
assert(sockaddr_size == sizeof(remote_addr));
|
||||
|
||||
@ -1,9 +1,14 @@
|
||||
#include "v1.h"
|
||||
|
||||
void ClientHandshake_construct(ClientHandshake* ptr, Array(u8) session_key){
|
||||
memcpy(ptr->session_key, session_key.data, sizeof(ptr->session_key));
|
||||
Result(void) ClientHandshake_tryConstruct(ClientHandshake* ptr, Array(u8) session_key){
|
||||
Deferral(1);
|
||||
try_assert(session_key.size == AES_SESSION_KEY_SIZE);
|
||||
PacketHeader_construct(&ptr->header, PROTOCOL_VERSION, PacketType_ClientHandshake, session_key.size);
|
||||
memcpy(ptr->session_key, session_key.data, session_key.size);
|
||||
Return RESULT_VOID;
|
||||
}
|
||||
|
||||
void ServerHandshake_construct(ServerHandshake* ptr, u64 session_id){
|
||||
PacketHeader_construct(&ptr->header, PROTOCOL_VERSION, PacketType_ServerHandshake, sizeof(session_id));
|
||||
ptr->session_id = session_id;
|
||||
}
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
#include "network/tcp-chat-protocol/constant.h"
|
||||
|
||||
#define PROTOCOL_VERSION 1 /* 1.0.0 */
|
||||
#define NETWORK_BUFFER_SIZE 65536
|
||||
|
||||
|
||||
typedef enum PacketType {
|
||||
PacketType_Invalid,
|
||||
@ -14,18 +14,21 @@ typedef enum PacketType {
|
||||
|
||||
|
||||
typedef struct ErrorMessage {
|
||||
PacketHeader header;
|
||||
/* content stream of size `header.content_size` */
|
||||
} ErrorMessage;
|
||||
|
||||
|
||||
typedef struct ClientHandshake {
|
||||
PacketHeader header;
|
||||
u8 session_key[AES_SESSION_KEY_SIZE];
|
||||
} ClientHandshake;
|
||||
|
||||
void ClientHandshake_construct(ClientHandshake* ptr, Array(u8) session_key);
|
||||
Result(void) ClientHandshake_tryConstruct(ClientHandshake* ptr, Array(u8) session_key);
|
||||
|
||||
|
||||
typedef struct ServerHandshake {
|
||||
PacketHeader header;
|
||||
u64 session_id;
|
||||
} ServerHandshake;
|
||||
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
void ClientConnection_close(ClientConnection* conn){
|
||||
if(conn == NULL)
|
||||
return;
|
||||
EncryptedSocketTCP_destroy(&conn->sock);
|
||||
socket_close(conn->sock.sock);
|
||||
free(conn->session_key.data);
|
||||
free(conn);
|
||||
}
|
||||
@ -26,23 +26,19 @@ Result(ClientConnection*) ClientConnection_accept(ServerCredentials* server_cred
|
||||
conn->session_id = session_id;
|
||||
conn->session_key = Array_alloc_size(AES_SESSION_KEY_SIZE);
|
||||
|
||||
Array(u8) buffer = Array_alloc_size(NETWORK_BUFFER_SIZE);
|
||||
// fix for valgrind false detected errors about uninitialized memory
|
||||
Array_memset(buffer, 0xCC);
|
||||
Defer(free(buffer.data));
|
||||
Array(u8) enc_buf = Array_alloc_size(8*1024);
|
||||
Defer(free(enc_buf.data));
|
||||
Array(u8) dec_buf = Array_alloc_size(8*1024);
|
||||
Defer(free(dec_buf.data));
|
||||
u32 enc_size = 0, dec_size = 0;
|
||||
|
||||
// TODO: set socket timeout to 5 seconds
|
||||
|
||||
// receive message encrypted by server public key
|
||||
u32 header_and_message_size = sizeof(PacketHeader) + sizeof(ClientHandshake);
|
||||
Array(u8) bufferPart_encryptedClientHandshake = {
|
||||
.data = (u8*)buffer.data + header_and_message_size,
|
||||
.size = server_credentials->rsa_pk.nlen
|
||||
};
|
||||
try_void(
|
||||
try(enc_size, u,
|
||||
socket_recv(
|
||||
sock_tcp,
|
||||
bufferPart_encryptedClientHandshake,
|
||||
Array_sliceBefore(enc_buf, server_credentials->rsa_pk.nlen),
|
||||
SocketRecvFlag_WaitAll
|
||||
)
|
||||
);
|
||||
@ -50,47 +46,42 @@ Result(ClientConnection*) ClientConnection_accept(ServerCredentials* server_cred
|
||||
// decrypt the message using server private key
|
||||
RSADecryptor rsa_dec;
|
||||
RSADecryptor_construct(&rsa_dec, &server_credentials->rsa_sk);
|
||||
try(u32 rsa_dec_size, u,
|
||||
try(dec_size, u,
|
||||
RSADecryptor_decrypt(
|
||||
&rsa_dec,
|
||||
bufferPart_encryptedClientHandshake,
|
||||
buffer
|
||||
Array_sliceBefore(enc_buf, enc_size),
|
||||
dec_buf
|
||||
)
|
||||
);
|
||||
|
||||
// validate client handshake
|
||||
if(rsa_dec_size != header_and_message_size){
|
||||
if(dec_size != sizeof(ClientHandshake)){
|
||||
Return RESULT_ERROR_FMT(
|
||||
"decrypted message (size: %u) is not a ClientHandshake (size: %u)",
|
||||
rsa_dec_size, header_and_message_size
|
||||
dec_size, (u32)sizeof(ClientHandshake)
|
||||
);
|
||||
}
|
||||
PacketHeader* packet_header = buffer.data;
|
||||
ClientHandshake* client_handshake = Array_sliceAfter(buffer, sizeof(PacketHeader)).data;
|
||||
try_void(PacketHeader_validateMagic(packet_header));
|
||||
if(packet_header->type != PacketType_ClientHandshake){
|
||||
ClientHandshake* client_handshake = dec_buf.data;
|
||||
try_void(PacketHeader_validateMagic(&client_handshake->header));
|
||||
if(client_handshake->header.type != PacketType_ClientHandshake){
|
||||
Return RESULT_ERROR_FMT(
|
||||
"received message of unexpected type: %u",
|
||||
packet_header->type
|
||||
client_handshake->header.type
|
||||
);
|
||||
}
|
||||
|
||||
// use received session key
|
||||
memcpy(conn->session_key.data, client_handshake->session_key, conn->session_key.size);
|
||||
EncryptedSocketTCP_construct(&conn->sock, sock_tcp, NETWORK_BUFFER_SIZE, conn->session_key);
|
||||
EncryptedSocketTCP_construct(&conn->sock, sock_tcp, conn->session_key);
|
||||
|
||||
// construct PacketHeader and ServerHandshake in buffer
|
||||
PacketHeader_construct(buffer.data, PROTOCOL_VERSION,
|
||||
PacketType_ServerHandshake, sizeof(ServerHandshake));
|
||||
ServerHandshake_construct(
|
||||
Array_sliceAfter(buffer, sizeof(PacketHeader)).data,
|
||||
session_id);
|
||||
// construct ServerHandshake in dec_buf
|
||||
ServerHandshake_construct((ServerHandshake*)dec_buf.data, session_id);
|
||||
// send ServerHandshake over encrypted TCP socket
|
||||
header_and_message_size = sizeof(PacketHeader) + sizeof(ServerHandshake);
|
||||
try_void(
|
||||
EncryptedSocketTCP_send(
|
||||
&conn->sock,
|
||||
Array_sliceBefore(buffer, header_and_message_size)
|
||||
Array_sliceBefore(dec_buf, sizeof(ServerHandshake)),
|
||||
enc_buf
|
||||
)
|
||||
);
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
#include "server.h"
|
||||
|
||||
|
||||
Result(ServerCredentials*) ServerCredentials_create(cstr rsa_sk_base64, cstr rsa_pk_base64){
|
||||
Result(ServerCredentials*) ServerCredentials_create(const str rsa_sk_base64, const str rsa_pk_base64){
|
||||
Deferral(4);
|
||||
|
||||
ServerCredentials* cred = (ServerCredentials*)malloc(sizeof(ServerCredentials));
|
||||
|
||||
@ -4,7 +4,6 @@
|
||||
#include "server.h"
|
||||
#include "config.h"
|
||||
#include "log.h"
|
||||
#include "network/tcp-chat-protocol/v1.h"
|
||||
|
||||
typedef struct ConnectionHandlerArgs {
|
||||
Socket accepted_socket;
|
||||
@ -24,7 +23,6 @@ static Result(void) parseConfig(cstr config_path){
|
||||
|
||||
// open file
|
||||
try(FILE* config_file, p, file_open(config_path, FO_ReadExisting));
|
||||
Defer(file_close(config_file));
|
||||
// read whole file into Array(char)
|
||||
try(i64 config_file_size, i, file_getSize(config_file));
|
||||
Array(char) config_buf = Array_alloc(char, config_file_size);
|
||||
@ -36,13 +34,7 @@ static Result(void) parseConfig(cstr config_path){
|
||||
str pk_base64;
|
||||
try_void(config_findValue(config_str, STR("rsa_private_key"), &sk_base64, true));
|
||||
try_void(config_findValue(config_str, STR("rsa_public_key"), &pk_base64, true));
|
||||
char* sk_base64_cstr = str_copy(sk_base64).data;
|
||||
char* pk_base64_cstr = str_copy(pk_base64).data;
|
||||
Defer(
|
||||
free(sk_base64_cstr);
|
||||
free(pk_base64_cstr);
|
||||
);
|
||||
try(_server_credentials, p, ServerCredentials_create(sk_base64_cstr, pk_base64_cstr));
|
||||
try(_server_credentials, p, ServerCredentials_create(sk_base64, pk_base64));
|
||||
|
||||
Return RESULT_VOID;
|
||||
}
|
||||
@ -53,7 +45,6 @@ Result(void) server_run(cstr server_endpoint_cstr, cstr config_path){
|
||||
logInfo(log_ctx, "starting server");
|
||||
logDebug(log_ctx, "parsing config");
|
||||
try_void(parseConfig(config_path));
|
||||
Defer(ServerCredentials_free(_server_credentials));
|
||||
|
||||
logDebug(log_ctx, "initializing main socket");
|
||||
EndpointIPv4 server_end;
|
||||
@ -72,7 +63,6 @@ Result(void) server_run(cstr server_endpoint_cstr, cstr config_path){
|
||||
//TODO: use async IO instead of threads to not waste system resources
|
||||
// while waiting for incoming data in 100500 threads
|
||||
try_stderrcode(pthread_create(&conn_thread, NULL, handle_connection, args));
|
||||
try_stderrcode(pthread_detach(&conn_thread));
|
||||
}
|
||||
|
||||
Return RESULT_VOID;
|
||||
@ -98,10 +88,7 @@ static Result(void) try_handle_connection(ConnectionHandlerArgs* args, cstr log_
|
||||
Defer(free(args));
|
||||
|
||||
ClientConnection* conn = NULL;
|
||||
Defer(
|
||||
ClientConnection_close(conn);
|
||||
logInfo(log_ctx, "session closed");
|
||||
);
|
||||
Defer(ClientConnection_close(conn));
|
||||
// establish encrypted connection
|
||||
try(conn, p,
|
||||
ClientConnection_accept(
|
||||
@ -111,16 +98,9 @@ static Result(void) try_handle_connection(ConnectionHandlerArgs* args, cstr log_
|
||||
args->session_id
|
||||
)
|
||||
);
|
||||
logInfo(log_ctx, "session accepted");
|
||||
logDebug(log_ctx, "session accepted");
|
||||
|
||||
// handle requests
|
||||
|
||||
Array(u8) buffer = Array_alloc_size(NETWORK_BUFFER_SIZE);
|
||||
// fix for valgrind false detected errors about uninitialized memory
|
||||
Array_memset(buffer, 0xCC);
|
||||
Defer(free(buffer.data));
|
||||
u32 dec_size = 0;
|
||||
|
||||
while(true){
|
||||
sleepMsec(10);
|
||||
}
|
||||
|
||||
@ -11,7 +11,7 @@ typedef struct ServerCredentials {
|
||||
br_rsa_public_key rsa_pk;
|
||||
} ServerCredentials;
|
||||
|
||||
Result(ServerCredentials*) ServerCredentials_create(cstr rsa_sk_base64, cstr rsa_pk_base64);
|
||||
Result(ServerCredentials*) ServerCredentials_create(const str rsa_sk_base64, const str rsa_pk_base64);
|
||||
|
||||
void ServerCredentials_free(ServerCredentials* cred);
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user